This video is part of the appearance “Ignite Talks at AI Field Day 5”. It was recorded as part of AI Field Day 5 at 9:00-10:00 on September 12, 2024.
Jack Poller, founder and principal analyst of Paradigm Technica, discusses the evolution and challenges of authentication methods, focusing on the limitations of traditional passwords. He explains that passwords, which have been used since ancient times, are fundamentally flawed because they are shared secrets that can be stolen or phished. Multi-factor authentication (MFA) was introduced to strengthen security by combining something you know (a password) with something you have (a device) or something you are (biometrics), but these methods still rely on shared secrets that can be compromised through social engineering.
Poller introduces public key cryptography as a more secure alternative for authentication; it has existed since the 1970s but is relatively new in the context of identity and access management. Public key cryptography involves a pair of keys: a private key that encrypts data and a public key that decrypts it. The private key is stored in a secure vault within a Trusted Platform Module (TPM), so it cannot be extracted or misused, even under duress. The TPM not only stores the keys securely but also performs the encryption and decryption itself, ensuring that the keys are never exposed.
He further elaborates on how the FIDO (Fast Identity Online) protocol leverages this technology to provide phishing-resistant authentication. When a user attempts to log in to a website, the site sends a challenge to the user’s device, which is then encrypted using the private key stored in the TPM. The encrypted response is sent back to the website, which decrypts it using the corresponding public key to verify the user’s identity. This method eliminates the risks associated with password reuse and phishing, making it a more secure and user-friendly solution. Poller emphasizes the importance of adopting passkeys offered by websites to enhance overall internet security.
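The challenge-response flow described above, as an added example that is not from the talk or from any FIDO implementation: Go's standard-library ECDSA stands in for a TPM-held key, the `Authenticator` type and the `digest` layout are simplifications of WebAuthn's real signed data, and the two origins are constructed. It also shows why the scheme is phishing-resistant: the origin is bound into what the device signs, so a response relayed through a look-alike site fails verification at the real one.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Authenticator stands in for the TPM: the private key is generated inside it and
// never leaves; callers only ever receive signatures.
type Authenticator struct{ priv *ecdsa.PrivateKey }

func NewAuthenticator() (*Authenticator, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Authenticator{priv: k}, nil
}
// PublicKey is all the relying party stores at registration.
func (a *Authenticator) PublicKey() *ecdsa.PublicKey { return &a.priv.PublicKey }
// Sign answers a login challenge. The browser-reported origin is bound into the signed
// data, so a response produced on a look-alike site never verifies at the real one.
func (a *Authenticator) Sign(origin string, challenge []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, a.priv, digest(origin, challenge))
}
// digest is a simplified stand-in for WebAuthn's authenticatorData || SHA-256(clientDataJSON).
func digest(origin string, challenge []byte) []byte {
	h := sha256.Sum256(append(append([]byte(origin), 0), challenge...))
	return h[:]
}
// NewChallenge is the relying party's fresh 32-byte nonce; one per attempt, so replay fails.
func NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}
// Verify is the relying party's check with the public key it stored at registration.
func Verify(pub *ecdsa.PublicKey, origin string, challenge, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, digest(origin, challenge), sig)
}
func main() {
	auth, _ := NewAuthenticator()
	ch, _ := NewChallenge() // issued by the real site; both origins below are constructed
	good, _ := auth.Sign("https://example.com", ch)
	relayed, _ := auth.Sign("https://examp1e.com", ch) // same challenge relayed through a look-alike site
	fmt.Println(Verify(auth.PublicKey(), "https://example.com", ch, good), Verify(auth.PublicKey(), "https://example.com", ch, relayed)) // true false
}
```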
Personnel: Jack Poller